Blog - Cyber Security Informer

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

It was scared of UK law enforcement, and worried that this essay would reflect badly on it. Now, ten years later, I offer this as a time capsule of what those early months of Snowden were like. I didn’t know either of them, but I have been writing about cryptography, security, and privacy for decades. It made sense.

Surveillance

Surveillance Computers and Electronics Encryption Government

Technology and Policymakers

Schneier on Security

NOVEMBER 14, 2019

It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. When Snow was writing, the two cultures theory was largely an interesting societal observation. When Snow was writing, the two cultures theory was largely an interesting societal observation. Today, it's a crisis.

Technology

Technology Artificial Intelligence Government Marketing

Lloyd’s Backs Off Insurance for State-Sponsored Cyberattacks

Security Boulevard

AUGUST 30, 2022

issued a market bulletin dated August 16, 2022 setting out new rules for standalone cyber-attack policies that would exclude coverage for damages from state-sponsored attacks. Lloyd’s remains strongly supportive of the writing of cyber-attack cover[age] but recognises also that cyber related business continues to be an evolving risk.

Insurance

Insurance Cyber Attacks Government Marketing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

The Cyber Insurance Landscape Has Grown More Complicated

SecureWorld News

APRIL 17, 2023

When considering adding a cyber insurance policy, organizations, both public and private, must weigh the pros and cons of having insurance to cover against harm caused by a cybersecurity incident. The cost of the policy may outweigh the potential financial benefit in the event of a cyber incident.

Cyber Insurance

Cyber Insurance Insurance Risk CISO

AI: Risk or Opportunity?

Duo's Security Blog

JULY 11, 2023

Based on many recent conversations, this is an issue that needs to be approached with some care. Certainly, from the security and resilience perspective, we need to think about the impact of these solutions and how we can provide a useful framework for security, privacy and governance in relation to AI-driven apps.

Risk

Risk CISO Government Technology

Security Roundup January 2024

BH Consulting

JANUARY 16, 2024

BH Consulting Celebrates 20 Years in Business We are thrilled to announce and celebrate a significant milestone in our journey – 20 years of dedicated service in the field of cyber security and data protection. Although the blog focuses on the U.S., its central thesis calls for a ban on ransomware payments.

Ransomware

Ransomware Penetration Testing InfoSec Cybersecurity

Why Enterprises Should Control Their Encryption Keys

Thales Cloud Protection & Licensing

MARCH 28, 2018

However, as discussed in previous blogs , the encryption service is only as secure as the keys that are used to encrypt the data. With full control of the encryption key, the enterprise controls who can access data stored in the cloud and when they can access it. Which data within cloud workloads is encrypted.

Encryption

Encryption Government Authentication Accountability

Write Code That Protects Sensitive User Data

Veracode Security

SEPTEMBER 15, 2020

Sensitive data exposure is currently at number 3 in the??? In this blog post, we will describe common scenarios of incorrect sensitive data handling and suggest ways to protect sensitive data. What is sensitive data? Various sources and authorities may have different definitions of sensitive data.

Passwords

Passwords Encryption Authentication Risk

The Complete Guide to Securing Your Software Development Lifecycle

Security Boulevard

JANUARY 18, 2022

How to improve the security of your application with strong DevSecOps. cdd20 on Unsplash. Industry research reveals that 80% of tested web apps contain at least one bug. Some of these approaches involve punishing organizations for their response to security failures or fining them for losing data. Photo by ????

Software

Software Technology Penetration Testing Mobile

Is fighting cybercrime a losing battle for today’s CISO?

CyberSecurity Insiders

JANUARY 12, 2022

In this blog, we’ll look at the root causes of concern for today's CISO and share some practical strategies to deter cybercriminals. The CISO role can be an unenviable one. Cybercriminals just need to find one way in, but you need to either eliminate or contain all of the ways in. The asymmetry of task.

CISO

CISO Cybercrime Risk Healthcare

GDPR for WooCommerce Sites

SiteLock

AUGUST 27, 2021

As ecommerce sites are much more complex and typically handle sensitive data through digital payment transactions, there are a lot more points of potential security breach. As a responsible business, it is already a requirement that your checkout process is PCI compliant, with secure processing and data storage procedures.

eCommerce

eCommerce Data collection Accountability Marketing

CISSPs from Around the Globe: An Interview with James Wright

CyberSecurity Insiders

SEPTEMBER 8, 2021

What job do you do today? I work at a Fortune 100 Media and Entertainment company operating within the Information Security Architecture and Engineering group on the Cloud Security Services team. It encompasses shadow IT usage monitoring and service discovery as well as sanctioned IT data loss prevention in the cloud.

Computers and Electronics

Computers and Electronics Architecture Education Cybersecurity

Story of the year: the impact of AI on cybersecurity

SecureList

DECEMBER 11, 2023

As the fast-growing technology evolves, it has become a matter of policy making and regulation. Nations and international organizations have embarked on initiatives to regulate and shape the future of AI, both globally and regionally. On a regional scale, the momentum for AI governance is palpable.

Cybersecurity

Cybersecurity Artificial Intelligence Technology Risk

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

McAfee

AUGUST 24, 2021

CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7). Together, these vulnerabilities could be used by a malicious actor to modify a pump’s configuration while the pump is in standby mode, resulting in an unexpected dose of medication being delivered to a patient on its next use – all with zero authentication.

Computers and Electronics

Computers and Electronics Authentication Software Risk

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

billion locals' data. It's operating in an era of increasingly large repositories of personal data held by both private companies and governments alike. Sooner or later, big repositories of data will be abused. India's Aadhaar implementation is the largest biometric system in the world, holding about 1.2

Hacking

Hacking Government Risk Encryption

The Rise of the Sovereign Cloud

Thales Cloud Protection & Licensing

MAY 24, 2023

The Rise of the Sovereign Cloud sparsh Thu, 05/25/2023 - 04:04 One of the big ironies about data on the internet is that once the goal of achieving a centreless web of data communication (the internet itself) had been developed and built out, the next area of focus became how to draw borders around it.

Encryption

Encryption Internet Internet Data privacy

Topic-specific policy 3/11: asset management

Notice Bored

OCTOBER 13, 2021

This piece is different to the others in this blog series. I'm seizing the opportunity to explain the thinking behind, and the steps involved in researching and drafting, an information security policy through a worked example. This is about the policy development process , more than the asset management policy per se.

Energy and Utilities

Energy and Utilities Risk Information Security Government

Project Svalbard, Have I Been Pwned and its Ongoing Independence

Troy Hunt

MARCH 2, 2020

This is going to be a lengthy blog post so let me use this opening paragraph as a summary of where Project Svalbard is at : Have I Been Pwned is no longer being sold and I will continue running it independently. Per the Project Svalbard announcement blog post, I engaged KPMG to run the merger and acquisition (M&A) process for me.

Data breaches

Data breaches Marketing Cyber Insurance InfoSec

The Hacker Mind Podcast: Hacking Ransomware

ForAllSecure

MAY 18, 2021

What if you discovered a flaw in a ransomware payment system that unlocked the data without paying the ransom? Vamosi: With the Colonial Pipeline criminal attack, we’ve seen that ransomware is an urgent national security risk that threatens schools, hospitals, businesses, and governments across the globe. Would you use it?

Hacking

Hacking Ransomware Cryptocurrency Engineering

The Hacker Mind Podcast: Hacking Ransomware

ForAllSecure

MAY 18, 2021

What if you discovered a flaw in a ransomware payment system that unlocked the data without paying the ransom? Vamosi: With the Colonial Pipeline criminal attack, we’ve seen that ransomware is an urgent national security risk that threatens schools, hospitals, businesses, and governments across the globe. Would you use it?

Hacking

Hacking Ransomware Cryptocurrency Engineering

AI and Political Lobbying

Schneier on Security

JANUARY 18, 2023

Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails , college essays and myriad other forms of writing. It could write letters to the editor for publication in local newspapers. ChatGPT could automatically compose comments submitted in regulatory processes.

Artificial Intelligence

Artificial Intelligence Media Government Advertising

The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries

Troy Hunt

FEBRUARY 11, 2018

One of their developers embedded this code in the campaign's donation website: <script src="[link] type="text/javascript></script> See the problem? What could you do if you could modify that script and subsequently cause your own arbitrary JavaScript to execute on Trump's website? Easy answer - almost anything.

Government

Government Risk Software Technology

Cyber Security Informer

Snowden Ten Years Later

Technology and Policymakers

Webinars

Trending Sources

Lloyd’s Backs Off Insurance for State-Sponsored Cyberattacks

Webinars

The Cyber Insurance Landscape Has Grown More Complicated

AI: Risk or Opportunity?

Security Roundup January 2024

Why Enterprises Should Control Their Encryption Keys

Write Code That Protects Sensitive User Data

The Complete Guide to Securing Your Software Development Lifecycle

Is fighting cybercrime a losing battle for today’s CISO?

GDPR for WooCommerce Sites

CISSPs from Around the Globe: An Interview with James Wright

Story of the year: the impact of AI on cybersecurity

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

The Rise of the Sovereign Cloud

Topic-specific policy 3/11: asset management

Project Svalbard, Have I Been Pwned and its Ongoing Independence

The Hacker Mind Podcast: Hacking Ransomware

The Hacker Mind Podcast: Hacking Ransomware

AI and Political Lobbying

The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries

Stay Connected